SSI in IoT Network Security



Frank Kottler


Use cases for the Internet of Things are plentiful: by conservative estimates, IoT applications face a $500 billion market opportunity in 2021 alone[1]. While networked devices often offer exciting opportunities for our clients, conventional IoT systems may raise unique security considerations. We explore the challenges in securing your IoT network and the solutions that self-sovereign identity (SSI) and blockchain architectures can contribute to IoT network security.

Our analysis shows that SSI and giving each device control over its own secure identity have several advantages over conventional identity management:

  • Granular access management with minimized need for record-keeping
  • Granular trust management for credential issuers
  • Elimination of a single point of failure in central access control
  • Credentials are kept with each client, which streamlines device management
  • Facilitates compliance and the creation of audit trails in connection with blockchain-based access management
  • Powerful gatekeeping for interoperability
  • Low overhead

Why is this even an issue? Unfortunately, IoT device security has long been neglected, very much to the regret of network administrators. In an effort to secure their network against hacking and sabotage attempts, they are constantly threatened by insecure device communication, poor device firmware security, and inadequate security hardware on IoT devices. The ways to mitigate these risks are equally diverse, from physical safeguarding to cryptographic network security to contingency planning for “the Big Hack”. Additionally, the multitude of devices, non-conformity to standards, and constant device maintenance, replacement and expansion will compromise network security if the whole system is not streamlined.

Meanwhile, IoT applications are becoming more present in our daily lives, uncovering new business cases every day. True value pioneers will find even more exciting opportunities in shared ecosystems: autonomous devices dynamically joining a service, sharing data and generating value, then securely disconnecting and working with the next client. Well, the truth is that we are still far away from this utopia. Shortcomings in IoT security are a major roadblock to technological and business model maturity. In addition, according to my colleague Hartmut Obendorf, “the new paradigm of distributed identity management is pivotal for (semi-)autonomous applications in shared corporate value networks” (more on this in a future post). With the rise of coopetitive ecosystems, all entities need a way to independently identify themselves and prove their permission to perform business actions, without ceding their power to a central identity provider. Yet, adoption of distributed identity management systems like self-sovereign identity (SSI) is still in its infancy.

Now, would it not be interesting if resolving one barrier also eased the resolution of the other? Indeed, identity-based security is already a cornerstone in IoT networks. It works on the principle that each device, based on its authentication, receives what it is entitled to. In a Deep Dive, I explore how the chosen network architecture interplays with the identity management system, and the benefits that SSI could offer to IoT networks compared to current methods like pre-shared keys and a public-key infrastructure. We follow the logistics company VirGo, which is tasked with securely supplying the COVID-19 vaccination campaign. For maximum safety, IoT sensors provide decision data for warehouse access and authorization for transfer of custody, and must be easily managed and shielded against attacks.

It turns out that the SSI framework is so versatile that it facilitates the expansion of a corporate IoT ecosystem into a public or permissioned environment. Businesses can extend the authority to provision devices for their own ecosystem to their business partners thanks to SSI’s high level of granularity and potential for standardization. And by basing IoT identity management on SSI, we automatically equip our network for the new business cases in the context of Industry 4.0 and corporate value networks.

At their current maturity level, however, these network architectures are best prototyped in a sandbox environment. Yet, anyone involved in strategy-making should consider the untapped opportunities of shared IoT ecosystems and how their network security architecture can be enabled for these applications in the long run. At CHAINSTEP, our experts are ready to support you across the whole lifecycle of your IoT network, based on your current environment and future opportunities alike. Get in touch with us or find out more about this topic in our Deep Dive:
Part 1: Security requirements for IoT networks.
Part 2: Identifying the network architecture.
Part 3: Defining the identity management system.
